package cn.org.rookie.jeesdp.authentication.controller;

import cn.org.rookie.jeesdp.core.po.User;
import cn.org.rookie.jeesdp.core.utils.IdUtils;
import cn.org.rookie.jeesdp.core.utils.SecurityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.OidcScopes;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;

import java.time.Duration;
import java.util.UUID;


/**
 * @author LHT
 * @date 2022-01-27 18:36
 */

@RestController
public class AuthorizationController {

    @Autowired
    private RegisteredClientRepository registeredClientRepository;
    @Autowired
    private PasswordEncoder passwordEncoder;

    @RequestMapping("/login")
    public ModelAndView login() {
        return new ModelAndView("login");
    }

    @RequestMapping("/userinfo")
    public User userinfo() {
        return SecurityUtils.getUser();
    }

    @RequestMapping("/oauth2/addClient")
    public String addClient() {
        String clientId = UUID.randomUUID().toString().replace("-", "");
        System.out.println(clientId);
        String secret = UUID.randomUUID().toString().replace("-", "");
        System.out.println(secret);
        RegisteredClient oidcClient = RegisteredClient.withId(String.valueOf(IdUtils.snowflakeId()))
                .clientId(clientId)
                .clientName("")
                .clientSecret(passwordEncoder.encode(secret))
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                .authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN)
                .scope(OidcScopes.OPENID)
                .scope(OidcScopes.PROFILE)
                .scope(OidcScopes.EMAIL)
                .scope(OidcScopes.PHONE)
                .scope(OidcScopes.ADDRESS)
                .redirectUri("http://127.0.0.1")
                .clientSettings(ClientSettings.builder().build())
                .tokenSettings(
                        TokenSettings.builder()
                                .accessTokenTimeToLive(Duration.ofHours(1)) // 设置访问令牌有效期为1小时
                                .refreshTokenTimeToLive(Duration.ofHours(1)) // 设置刷新令牌有效期为1小时
                                .authorizationCodeTimeToLive(Duration.ofHours(1))
                                .accessTokenFormat(OAuth2TokenFormat.SELF_CONTAINED) // 使用透明token
                                .build()
                )
                .build();
        registeredClientRepository.save(oidcClient);
        return "index";
    }

}
